CYBERSECURITY FOR SMALL BUSINESS You get an that looks like it’s from someone you know. It seems to be from one of your company’s vendors and asks that you click on a link to update your business account. Should you click? Maybe it looks like it’s from your boss and asks for your network . Should you reply? In either case, probably not. These may be phishing attempts. HOW PHISHING WORKS WHAT YOU CAN DO You get an email or text Before you click on a link or share any of your sensitive business information: It seems to be from someone you know, and it asks you to click a link, or give your password, business bank account, or other Check it out sensitive information. Look up the or phone number for the company or person behind the text or It looks real email. Make sure that you’re getting the It’s easy to spoof logos and make up fake email real company and not about to download addresses. Scammers use familiar company or talk to a scammer. names or pretend to be someone you know. It’s urgent Talk to someone The message pressures you to act now — Talking to a colleague might help you figure or something bad will happen. out if the request is real or a phishing attempt. What happens next Make a call if you’re not sure If you click on a link, scammers can install or other programs that can Pick up the phone and call that vendor, lock you out of your data and spread to colleague, or client who sent the email. the entire company network. If you share Confirm that they really need information , scammers now have access to from you. Use a number you know to be all those accounts. correct, not the number in the email or text.

LEARN MORE AT: FTC.gov/SmallBusiness CYBERSECURITY FOR SMALL BUSINESS HOW TO WHAT IF YOU FALL FOR A PROTECT YOUR BUSINESS PHISHING SCHEME Back up your data Alert others Regularly back up your data and Talk to your colleagues and share your make sure those backups are not experience. Phishing attacks often happen to connected to the network. That more than one person in a company. way, if a phishing attack happens and hackers get to your network, you can restore your data. Make Limit the damage data backup part of your routine Immediately change any compromised business operations. passwords and disconnect from the network any computer or device that’s infected with malware. Keep your security up to date Follow your company’s procedures Always install the latest patches These may include notifying specific people and updates. Look for additional in your organization or contractors that help means of protection, like email you with IT. and intrusion prevention software, and set them Notify customers to update automatically on your computers. On mobile devices, If your data or personal information was you may have to do it manually. compromised, make sure you notify the affected parties — they could be at risk of identity . Find information on how to do that Alert your staff at Response: A Guide for Business Share with them this information. (FTC.gov/DataBreach). Keep in mind that phishing scammers change their tactics Report it often, so make sure you include Forward phishing to spam@uce. tips for spotting the latest phishing gov (an address used by the FTC) and to schemes in your regular training. [email protected] (an address used by the Anti-Phishing Working Group, which Deploy a safety net includes ISPs, security vendors, financial Use institutions, and law enforcement agencies). Let technology to help prevent the company or person that was impersonated phishing emails from reaching know about the phishing scheme. And report it your company’s inboxes in the to the FTC at FTC.gov/Complaint. first place.

LEARN MORE AT: FTC.gov/SmallBusiness